<?php

// Database handle shared by the AJAX handlers further down in this script.
$obj = new mysql($config);

header("Content-type:text/html;charset=utf8");

// Login gate: an empty session user name means no usable login, so the visitor
// is bounced to the login page. This only proves that *some* user is logged in;
// the handlers below still read `userid` from the request, so this gate does not
// bind a request to the account that owns the session.
if (empty($_SESSION['user']['name']) === true) {
    // Alert text reads "illegal operation".
    echo "<script>alert('非法操作');location.href='index.php?c=login&a=index';</script>";

    // Stop this script here; nothing below may run for an anonymous visitor.
    return;
}


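// Send the activation code (AJAX call with flag=getkey): drop any pending code
// rows for the user id, then hand the address and id to sendEmail() and print
// whatever it returns.
//
// NOTE(review): X-Requested-With is a client-supplied header. It marks the call
// as AJAX; it is not an authorization check.
// NOTE(review): both the user id and the recipient address come from the query
// string. Any logged-in user can therefore clear the pending code of another id
// and have a fresh code for that id mailed to an address they choose. Both values
// should be derived server-side from the authenticated account. The session
// layout beyond ['user']['name'] is not visible here, so this is flagged rather
// than changed.
// NOTE(review): this is a state-changing action (delete + mail) carried by GET.
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && isset($_GET['flag']) && $_GET['flag'] === 'getkey') {
    // The id is concatenated into a WHERE clause by del(), so force it to an
    // integer first; anything non-numeric becomes 0 instead of raw SQL text.
    $id = (isset($_GET['userid']) && is_scalar($_GET['userid'])) ? (int) $_GET['userid'] : 0;

    // NOTE(review): the address is passed through unvalidated, as before.
    // sendEmail() is defined elsewhere; confirm that it validates the address
    // (format, no CR/LF) before building the message.
    $email = isset($_GET['email']) ? $_GET['email'] : null;

    $obj->del("id=$id", 'state');
    echo sendEmail($email, $id, 2);
    die;
}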


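// Verify a submitted activation code (AJAX call with flag=validate).
// Prints '1' when a `state` row matches the id and code, otherwise '0'.
//
// NOTE(review): X-Requested-With is a client-supplied header, not an
// authorization check, and `userid` is taken from the request rather than from
// the session.
// NOTE(review): nothing visible here limits the number of guesses per id;
// consider attempt limiting or code expiry where the codes are issued.
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && isset($_GET['flag']) && $_GET['flag'] === 'validate') {
    // Integer cast keeps request text out of the numeric part of the query.
    $id = (isset($_GET['userid']) && is_scalar($_GET['userid'])) ? (int) $_GET['userid'] : 0;

    // Non-string input (missing or array-valued parameter) is treated as an
    // empty code, which simply fails to match a real one.
    $key = (isset($_GET['key']) && is_string($_GET['key'])) ? $_GET['key'] : '';

    // The wrapper only exposes raw-SQL getOne() here, so the code is embedded as
    // a hex literal: bin2hex() yields only [0-9a-f], which cannot break out of
    // the literal whatever the request contained. Comparing against a hex
    // literal is byte-exact (case-sensitive).
    // Assumes a MySQL backend, as the wrapper's name suggests -- confirm.
    $sql = "select * from `state` where `id`=$id and `value`=X'" . bin2hex($key) . "'";

    $date = $obj->getOne($sql);
    echo !empty($date) ? '1' : '0';
    die;
}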


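// Change password (AJAX call with flag=set).
// Prints 1 when the old password matches and the new one was stored, else 0.
//
// NOTE(review): passwords are stored as unsalted MD5, which is unsuitable for
// password storage. Moving to password_hash()/password_verify() has to happen
// together with the login code and a migration of stored hashes, neither of
// which is visible here, so the hash format is left unchanged.
// NOTE(review): `userid` comes from the query string, not from the session, and
// nothing visible limits attempts, so this endpoint can be used to test old
// passwords against any account id. Bind the id to the logged-in account.
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && isset($_GET['flag']) && $_GET['flag'] === 'set') {
    // Integer cast keeps request text out of the WHERE clauses built below.
    $id = (isset($_GET['userid']) && is_scalar($_GET['userid'])) ? (int) $_GET['userid'] : 0;

    // Accept plain strings only; missing or array-valued fields become ''.
    $oldPlain = (isset($_POST['oldpassword']) && is_string($_POST['oldpassword'])) ? $_POST['oldpassword'] : '';
    $newPlain = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // md5() output is 32 hex characters, so it is safe inside the quoted literal.
    $oldHash = md5($oldPlain);
    $newHash = md5($newPlain);

    $sql = "select * from `user` where `id`=$id and `password`='$oldHash'";
    $row = $obj->getOne($sql);

    // Require a matching old password, a non-empty new one, and an actual change.
    if (!empty($row) && $newPlain !== '' && $newHash !== $oldHash) {
        // Write the password column only. Passing the whole $_POST array would
        // let a request set any other column of `user` just by adding a field.
        $obj->update(array('password' => $newHash), array('id' => $id), 'user');

        // Pending activation codes for this id are dropped after the change.
        $obj->del("id=$id", 'state');
        echo 1;
        die;
    }

    echo 0;
    die;
}

// Not an AJAX action: render the page layout.
require_once VIEW_PATH.'home/layout.html';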
